Disruptionware VII: The Evolution of Disruptionware and the Growth of Ransomware as a Service (RaaS)

Faegre Drinker Biddle & Reath LLP

Faegre Drinker Biddle & Reath LLP

I have written multiple times about the danger of disruptionware to both Information Technology (IT) networks as well as Operational Technologies (OT) networks of victims globally. As discussed here, many different nefarious tools make up the disruptionware “tool kit.” These tools include, but are not limited to:

  • Ransomware
  • Wipers
  • Bricking capabilities tools
  • Automated components
  • Data exfiltration tools
  • Network reconnaissance tools

The most well-known and most used of all these tools is ransomware malware. Ransomware attacks have grown exponentially over the past few years. Dozens of ransomware gangs are launching ransomware attacks and terrorizing and extorting businesses throughout the world. This has included specific attacks against the U.S. energy sector as well as U.S. infrastructure projects.

In order to stay ahead of law enforcement and to increase profits, these ransomware gangs have created a new type of “business model,” where these gangs are now “franchising” their ransomware software to smaller nefarious cyber threat actors. This new evolution of the traditional disruptionware attack introduces the concept of Ransomware as a Service (RaaS). RaaS is an actual subscription-based model that encourages cyber threat actors to use already developed and effective ransomware tools to execute ransomware attacks against unsuspecting victims. This allows less sophisticated cyber threat actors to literally rent effective ransomware software and use it to continue the exponential growth of ransomware attacks.

According to Forbes, the “RaaS model permits talented hackers to use sophisticated and proved tactics, techniques and procedures to perpetrate the attack, while outsourcing the commodity infrastructure proven out in several years of ransomware attacks.” This has allowed cyber threat actors to increase attacks on energy, infrastructure and supply chains in numbers that are overwhelming businesses around the world. According to Protocol, this evolution of RaaS has led to a criminal marketplace of additional RaaS services, including:

  • Infrastructure as a Service – includes “bulletproof” web-hosting and domain registration services to help carry out new ransomware attacks
  • Hacking tools and access providers to gain access to victims who have already been compromised
  • Fraud shops that sell stolen data, including passwords and personal identifiable information (PII), of victimized individuals. This may also include compromised log-in credentials to allow the buyers access to a victim’s network
  • Post-attack services that provide underground call centers to call victims directly to try and further victimize them

This growth sand evolution of ransomware to include new criminal “product lines” such as RaaS, is a frightening evolution in the growth of cyber-attacks, particularly disruptionware. RaaS opens up the ability for less-skilled cyber threat actors to literally rent a ransomware attack from a more sophisticated ransomware gang and successfully launch it against an unsuspecting victim. Prior to 2020, these types of illicit third-party services only accounted for 3% of ransomware proceeds. In the last year alone, that number has tripled, with RaaS now accounting for over 9% percent of ransomware profits.

It appears that cyber threat actors have latched onto the famous axiom, “evolve or die.” Ransomware attacks, as they previously existed, have now evolved to present a new and greater threat to the world at large.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Faegre Drinker Biddle & Reath LLP | Attorney Advertising

Written by:

Faegre Drinker Biddle & Reath LLP

Faegre Drinker Biddle & Reath LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.